This blog is totally independent and has only three major objectives.
The first is to inform readers of news and happenings in the e-Health domain, both here in Australia and world-wide.
The second is to provide commentary on e-Health in Australia and to foster improvement where I can.
The third is to encourage discussion of the matters raised in the blog so hopefully readers can get a balanced view of what is really happening and what successes are being achieved.

Friday, August 01, 2014

It Looks Like Things Are Getting Much Nastier Out There! Be Prepared And Alert.

And now the State of Vermont confirms that a development server of the Vermont Health Connect, the state's health insurance exchange under the Affordable Care Act, experienced a cyberattack last December, in which hackers allegedly accessed data 15 times. The attack, which was tracked to a Romanian IP address, went undetected for about a month.

In this latest case, because the server was only a development system that did not contain any production data, there was no breach, Lawrence Miller, Vermont's chief of healthcare reform, tells Information Security Media Group.

Still, the incident was a wake-up call to Vermont, and technology services firm CGI Group, which developed the state's exchange and hosts it. "We're constantly evaluating and improving security," Miller says. "I can't speak for the hackers' motives, but anytime hackers attack it's usually because they're looking for something of value, or are doing it for the sport of seeing what they can do."

Combined, these incidents represent a trend that has caught the attention of healthcare security leaders nationwide. External attacks are on the rise, and healthcare organizations need to be prepared to defend against more than the more common threats they see - i.e. lost laptops and unauthorized access to records. They need to defend against sophisticated cybercriminals who seek critical medical data to commit fraud or turn a profit.

In the past, "hackers were MIT freshman who attacked the Harvard network for fun," says John Halamka, CIO at Beth Israel Deaconess Medical Center in Boston. "Today it's a totally different kind of attack - highly sophisticated, organized criminals attempting to get medical Identities."

While a stolen Social Security number might sell for 25 cents in the underground market, and a credit card number might fetch $1, "A comprehensive medical record for me to get free surgery might be $1,000," Halamka says. "It is a commodity that is hot on the black Internet [market]."